Date
June 24, 2025, 11:37 a.m.
| Environment | |
|---|---|
| dragonboard-845c | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 76.303171] ================================================================== [ 76.310490] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 76.317634] Write of size 121 at addr ffff0000947c2c00 by task kunit_try_catch/383 [ 76.325298] [ 76.326824] CPU: 7 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 76.326853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 76.326861] Hardware name: Thundercomm Dragonboard 845c (DT) [ 76.326871] Call trace: [ 76.326879] show_stack+0x20/0x38 (C) [ 76.326898] dump_stack_lvl+0x8c/0xd0 [ 76.326916] print_report+0x118/0x608 [ 76.326934] kasan_report+0xdc/0x128 [ 76.326953] kasan_check_range+0x100/0x1a8 [ 76.326972] __kasan_check_write+0x20/0x30 [ 76.326987] copy_user_test_oob+0x35c/0xec8 [ 76.327004] kunit_try_run_case+0x170/0x3f0 [ 76.327022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.327042] kthread+0x328/0x630 [ 76.327057] ret_from_fork+0x10/0x20 [ 76.327073] [ 76.396165] Allocated by task 383: [ 76.399616] kasan_save_stack+0x3c/0x68 [ 76.403520] kasan_save_track+0x20/0x40 [ 76.407425] kasan_save_alloc_info+0x40/0x58 [ 76.411758] __kasan_kmalloc+0xd4/0xd8 [ 76.415574] __kmalloc_noprof+0x198/0x4c8 [ 76.419650] kunit_kmalloc_array+0x34/0x88 [ 76.423811] copy_user_test_oob+0xac/0xec8 [ 76.427973] kunit_try_run_case+0x170/0x3f0 [ 76.432222] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.437786] kthread+0x328/0x630 [ 76.441066] ret_from_fork+0x10/0x20 [ 76.444708] [ 76.446230] The buggy address belongs to the object at ffff0000947c2c00 [ 76.446230] which belongs to the cache kmalloc-128 of size 128 [ 76.458879] The buggy address is located 0 bytes inside of [ 76.458879] allocated 120-byte region [ffff0000947c2c00, ffff0000947c2c78) [ 76.471450] [ 76.472972] The buggy address belongs to the physical page: [ 76.478614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1147c2 [ 76.486712] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.494460] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 76.501516] page_type: f5(slab) [ 76.504712] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 76.512550] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.520389] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 76.528312] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.536237] head: 0bfffe0000000001 fffffdffc251f081 00000000ffffffff 00000000ffffffff [ 76.544160] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 76.552080] page dumped because: kasan: bad access detected [ 76.557722] [ 76.559252] Memory state around the buggy address: [ 76.564111] ffff0000947c2b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.571423] ffff0000947c2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.578729] >ffff0000947c2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 76.586039] ^ [ 76.593262] ffff0000947c2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.600575] ffff0000947c2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.607888] ================================================================== [ 77.239310] ================================================================== [ 77.246620] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 77.253763] Read of size 121 at addr ffff0000947c2c00 by task kunit_try_catch/383 [ 77.261340] [ 77.262865] CPU: 7 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 77.262894] Tainted: [B]=BAD_PAGE, [N]=TEST [ 77.262902] Hardware name: Thundercomm Dragonboard 845c (DT) [ 77.262912] Call trace: [ 77.262918] show_stack+0x20/0x38 (C) [ 77.262934] dump_stack_lvl+0x8c/0xd0 [ 77.262952] print_report+0x118/0x608 [ 77.262970] kasan_report+0xdc/0x128 [ 77.262988] kasan_check_range+0x100/0x1a8 [ 77.263007] __kasan_check_read+0x20/0x30 [ 77.263022] copy_user_test_oob+0x4a0/0xec8 [ 77.263041] kunit_try_run_case+0x170/0x3f0 [ 77.263058] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.263078] kthread+0x328/0x630 [ 77.263092] ret_from_fork+0x10/0x20 [ 77.263110] [ 77.332135] Allocated by task 383: [ 77.335591] kasan_save_stack+0x3c/0x68 [ 77.339490] kasan_save_track+0x20/0x40 [ 77.343387] kasan_save_alloc_info+0x40/0x58 [ 77.347726] __kasan_kmalloc+0xd4/0xd8 [ 77.351534] __kmalloc_noprof+0x198/0x4c8 [ 77.355604] kunit_kmalloc_array+0x34/0x88 [ 77.359770] copy_user_test_oob+0xac/0xec8 [ 77.363937] kunit_try_run_case+0x170/0x3f0 [ 77.368191] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.373761] kthread+0x328/0x630 [ 77.377046] ret_from_fork+0x10/0x20 [ 77.380682] [ 77.382205] The buggy address belongs to the object at ffff0000947c2c00 [ 77.382205] which belongs to the cache kmalloc-128 of size 128 [ 77.394857] The buggy address is located 0 bytes inside of [ 77.394857] allocated 120-byte region [ffff0000947c2c00, ffff0000947c2c78) [ 77.407426] [ 77.408950] The buggy address belongs to the physical page: [ 77.414596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1147c2 [ 77.422703] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.430452] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 77.437505] page_type: f5(slab) [ 77.440703] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.448539] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.456375] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.464296] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.472218] head: 0bfffe0000000001 fffffdffc251f081 00000000ffffffff 00000000ffffffff [ 77.480139] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 77.488058] page dumped because: kasan: bad access detected [ 77.493703] [ 77.495225] Memory state around the buggy address: [ 77.500080] ffff0000947c2b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.507392] ffff0000947c2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.514703] >ffff0000947c2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 77.522013] ^ [ 77.529235] ffff0000947c2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.536547] ffff0000947c2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.543857] ================================================================== [ 75.672698] ================================================================== [ 75.686193] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 75.693341] Write of size 121 at addr ffff0000947c2c00 by task kunit_try_catch/383 [ 75.701008] [ 75.702538] CPU: 7 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 75.702570] Tainted: [B]=BAD_PAGE, [N]=TEST [ 75.702578] Hardware name: Thundercomm Dragonboard 845c (DT) [ 75.702590] Call trace: [ 75.702597] show_stack+0x20/0x38 (C) [ 75.702616] dump_stack_lvl+0x8c/0xd0 [ 75.702636] print_report+0x118/0x608 [ 75.702656] kasan_report+0xdc/0x128 [ 75.702675] kasan_check_range+0x100/0x1a8 [ 75.702694] __kasan_check_write+0x20/0x30 [ 75.702710] copy_user_test_oob+0x234/0xec8 [ 75.702729] kunit_try_run_case+0x170/0x3f0 [ 75.702749] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 75.702770] kthread+0x328/0x630 [ 75.702785] ret_from_fork+0x10/0x20 [ 75.702803] [ 75.771925] Allocated by task 383: [ 75.775379] kasan_save_stack+0x3c/0x68 [ 75.779285] kasan_save_track+0x20/0x40 [ 75.783190] kasan_save_alloc_info+0x40/0x58 [ 75.787520] __kasan_kmalloc+0xd4/0xd8 [ 75.791336] __kmalloc_noprof+0x198/0x4c8 [ 75.795411] kunit_kmalloc_array+0x34/0x88 [ 75.799571] copy_user_test_oob+0xac/0xec8 [ 75.803733] kunit_try_run_case+0x170/0x3f0 [ 75.807980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 75.813543] kthread+0x328/0x630 [ 75.816825] ret_from_fork+0x10/0x20 [ 75.820465] [ 75.821989] The buggy address belongs to the object at ffff0000947c2c00 [ 75.821989] which belongs to the cache kmalloc-128 of size 128 [ 75.834639] The buggy address is located 0 bytes inside of [ 75.834639] allocated 120-byte region [ffff0000947c2c00, ffff0000947c2c78) [ 75.847211] [ 75.848743] The buggy address belongs to the physical page: [ 75.854385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1147c2 [ 75.862491] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 75.870239] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 75.877297] page_type: f5(slab) [ 75.880492] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 75.888330] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 75.896168] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 75.904091] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 75.912014] head: 0bfffe0000000001 fffffdffc251f081 00000000ffffffff 00000000ffffffff [ 75.919936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 75.927856] page dumped because: kasan: bad access detected [ 75.933497] [ 75.935030] Memory state around the buggy address: [ 75.939886] ffff0000947c2b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 75.947202] ffff0000947c2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.954516] >ffff0000947c2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 75.961826] ^ [ 75.969050] ffff0000947c2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.976362] ffff0000947c2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 75.983673] ================================================================== [ 76.927172] ================================================================== [ 76.934488] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 76.941634] Write of size 121 at addr ffff0000947c2c00 by task kunit_try_catch/383 [ 76.949300] [ 76.950825] CPU: 7 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 76.950854] Tainted: [B]=BAD_PAGE, [N]=TEST [ 76.950861] Hardware name: Thundercomm Dragonboard 845c (DT) [ 76.950872] Call trace: [ 76.950879] show_stack+0x20/0x38 (C) [ 76.950896] dump_stack_lvl+0x8c/0xd0 [ 76.950913] print_report+0x118/0x608 [ 76.950931] kasan_report+0xdc/0x128 [ 76.950949] kasan_check_range+0x100/0x1a8 [ 76.950969] __kasan_check_write+0x20/0x30 [ 76.950986] copy_user_test_oob+0x434/0xec8 [ 76.951004] kunit_try_run_case+0x170/0x3f0 [ 76.951022] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.951042] kthread+0x328/0x630 [ 76.951056] ret_from_fork+0x10/0x20 [ 76.951073] [ 77.020199] Allocated by task 383: [ 77.023655] kasan_save_stack+0x3c/0x68 [ 77.027555] kasan_save_track+0x20/0x40 [ 77.031453] kasan_save_alloc_info+0x40/0x58 [ 77.035792] __kasan_kmalloc+0xd4/0xd8 [ 77.039602] __kmalloc_noprof+0x198/0x4c8 [ 77.043672] kunit_kmalloc_array+0x34/0x88 [ 77.047839] copy_user_test_oob+0xac/0xec8 [ 77.052005] kunit_try_run_case+0x170/0x3f0 [ 77.056258] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 77.061827] kthread+0x328/0x630 [ 77.065113] ret_from_fork+0x10/0x20 [ 77.068750] [ 77.070274] The buggy address belongs to the object at ffff0000947c2c00 [ 77.070274] which belongs to the cache kmalloc-128 of size 128 [ 77.082924] The buggy address is located 0 bytes inside of [ 77.082924] allocated 120-byte region [ffff0000947c2c00, ffff0000947c2c78) [ 77.095494] [ 77.097017] The buggy address belongs to the physical page: [ 77.102664] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1147c2 [ 77.110771] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 77.118518] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 77.125572] page_type: f5(slab) [ 77.128771] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.136607] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.144444] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 77.152366] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 77.160289] head: 0bfffe0000000001 fffffdffc251f081 00000000ffffffff 00000000ffffffff [ 77.168210] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 77.176127] page dumped because: kasan: bad access detected [ 77.181774] [ 77.183296] Memory state around the buggy address: [ 77.188151] ffff0000947c2b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 77.195463] ffff0000947c2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.202774] >ffff0000947c2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 77.210084] ^ [ 77.217306] ffff0000947c2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.224618] ffff0000947c2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 77.231927] ================================================================== [ 75.991135] ================================================================== [ 75.998459] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 76.005605] Read of size 121 at addr ffff0000947c2c00 by task kunit_try_catch/383 [ 76.013184] [ 76.014712] CPU: 7 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 76.014742] Tainted: [B]=BAD_PAGE, [N]=TEST [ 76.014750] Hardware name: Thundercomm Dragonboard 845c (DT) [ 76.014761] Call trace: [ 76.014768] show_stack+0x20/0x38 (C) [ 76.014786] dump_stack_lvl+0x8c/0xd0 [ 76.014805] print_report+0x118/0x608 [ 76.014825] kasan_report+0xdc/0x128 [ 76.014843] kasan_check_range+0x100/0x1a8 [ 76.014864] __kasan_check_read+0x20/0x30 [ 76.014880] copy_user_test_oob+0x728/0xec8 [ 76.014897] kunit_try_run_case+0x170/0x3f0 [ 76.014915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.014937] kthread+0x328/0x630 [ 76.014950] ret_from_fork+0x10/0x20 [ 76.014967] [ 76.083987] Allocated by task 383: [ 76.087439] kasan_save_stack+0x3c/0x68 [ 76.091346] kasan_save_track+0x20/0x40 [ 76.095249] kasan_save_alloc_info+0x40/0x58 [ 76.099581] __kasan_kmalloc+0xd4/0xd8 [ 76.103396] __kmalloc_noprof+0x198/0x4c8 [ 76.107471] kunit_kmalloc_array+0x34/0x88 [ 76.111633] copy_user_test_oob+0xac/0xec8 [ 76.115795] kunit_try_run_case+0x170/0x3f0 [ 76.120044] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.125607] kthread+0x328/0x630 [ 76.128887] ret_from_fork+0x10/0x20 [ 76.132528] [ 76.134053] The buggy address belongs to the object at ffff0000947c2c00 [ 76.134053] which belongs to the cache kmalloc-128 of size 128 [ 76.146702] The buggy address is located 0 bytes inside of [ 76.146702] allocated 120-byte region [ffff0000947c2c00, ffff0000947c2c78) [ 76.159266] [ 76.160798] The buggy address belongs to the physical page: [ 76.166440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1147c2 [ 76.174548] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.182297] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 76.189352] page_type: f5(slab) [ 76.192547] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 76.200385] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.208223] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 76.216145] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.224069] head: 0bfffe0000000001 fffffdffc251f081 00000000ffffffff 00000000ffffffff [ 76.231993] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 76.239911] page dumped because: kasan: bad access detected [ 76.245552] [ 76.247085] Memory state around the buggy address: [ 76.251943] ffff0000947c2b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.259258] ffff0000947c2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.266573] >ffff0000947c2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 76.273884] ^ [ 76.281107] ffff0000947c2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.288420] ffff0000947c2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.295731] ================================================================== [ 76.615255] ================================================================== [ 76.622563] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 76.629699] Read of size 121 at addr ffff0000947c2c00 by task kunit_try_catch/383 [ 76.637278] [ 76.638804] CPU: 7 UID: 0 PID: 383 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 76.638833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 76.638842] Hardware name: Thundercomm Dragonboard 845c (DT) [ 76.638854] Call trace: [ 76.638860] show_stack+0x20/0x38 (C) [ 76.638877] dump_stack_lvl+0x8c/0xd0 [ 76.638895] print_report+0x118/0x608 [ 76.638913] kasan_report+0xdc/0x128 [ 76.638932] kasan_check_range+0x100/0x1a8 [ 76.638951] __kasan_check_read+0x20/0x30 [ 76.638966] copy_user_test_oob+0x3c8/0xec8 [ 76.638984] kunit_try_run_case+0x170/0x3f0 [ 76.639000] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.639021] kthread+0x328/0x630 [ 76.639035] ret_from_fork+0x10/0x20 [ 76.639051] [ 76.708088] Allocated by task 383: [ 76.711539] kasan_save_stack+0x3c/0x68 [ 76.715443] kasan_save_track+0x20/0x40 [ 76.719347] kasan_save_alloc_info+0x40/0x58 [ 76.723679] __kasan_kmalloc+0xd4/0xd8 [ 76.727495] __kmalloc_noprof+0x198/0x4c8 [ 76.731571] kunit_kmalloc_array+0x34/0x88 [ 76.735732] copy_user_test_oob+0xac/0xec8 [ 76.739894] kunit_try_run_case+0x170/0x3f0 [ 76.744142] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 76.749706] kthread+0x328/0x630 [ 76.752988] ret_from_fork+0x10/0x20 [ 76.756629] [ 76.758152] The buggy address belongs to the object at ffff0000947c2c00 [ 76.758152] which belongs to the cache kmalloc-128 of size 128 [ 76.770802] The buggy address is located 0 bytes inside of [ 76.770802] allocated 120-byte region [ffff0000947c2c00, ffff0000947c2c78) [ 76.783373] [ 76.784905] The buggy address belongs to the physical page: [ 76.790546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1147c2 [ 76.798645] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 76.806394] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 76.813439] page_type: f5(slab) [ 76.816635] raw: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 76.824470] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.832308] head: 0bfffe0000000040 ffff000080002a00 dead000000000122 0000000000000000 [ 76.840231] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 76.848155] head: 0bfffe0000000001 fffffdffc251f081 00000000ffffffff 00000000ffffffff [ 76.856077] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 76.863997] page dumped because: kasan: bad access detected [ 76.869639] [ 76.871170] Memory state around the buggy address: [ 76.876029] ffff0000947c2b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 76.883342] ffff0000947c2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.890647] >ffff0000947c2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 76.897957] ^ [ 76.905180] ffff0000947c2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.912494] ffff0000947c2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 76.919805] ==================================================================
[ 37.857996] ================================================================== [ 37.858133] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 37.858325] Read of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.858471] [ 37.858664] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.859048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.859210] Hardware name: linux,dummy-virt (DT) [ 37.859329] Call trace: [ 37.859428] show_stack+0x20/0x38 (C) [ 37.859675] dump_stack_lvl+0x8c/0xd0 [ 37.859809] print_report+0x118/0x608 [ 37.859956] kasan_report+0xdc/0x128 [ 37.860074] kasan_check_range+0x100/0x1a8 [ 37.860220] __kasan_check_read+0x20/0x30 [ 37.860447] copy_user_test_oob+0x728/0xec8 [ 37.860727] kunit_try_run_case+0x170/0x3f0 [ 37.860984] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.861260] kthread+0x328/0x630 [ 37.861439] ret_from_fork+0x10/0x20 [ 37.861633] [ 37.861689] Allocated by task 296: [ 37.861773] kasan_save_stack+0x3c/0x68 [ 37.861907] kasan_save_track+0x20/0x40 [ 37.862050] kasan_save_alloc_info+0x40/0x58 [ 37.862252] __kasan_kmalloc+0xd4/0xd8 [ 37.862505] __kmalloc_noprof+0x198/0x4c8 [ 37.862611] kunit_kmalloc_array+0x34/0x88 [ 37.862750] copy_user_test_oob+0xac/0xec8 [ 37.862861] kunit_try_run_case+0x170/0x3f0 [ 37.863165] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.863314] kthread+0x328/0x630 [ 37.863457] ret_from_fork+0x10/0x20 [ 37.863602] [ 37.863787] The buggy address belongs to the object at fff00000c77e6a00 [ 37.863787] which belongs to the cache kmalloc-128 of size 128 [ 37.864193] The buggy address is located 0 bytes inside of [ 37.864193] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.864431] [ 37.864494] The buggy address belongs to the physical page: [ 37.864587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.864757] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.864940] page_type: f5(slab) [ 37.865076] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.865280] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.865492] page dumped because: kasan: bad access detected [ 37.865651] [ 37.865813] Memory state around the buggy address: [ 37.865933] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.866066] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.866239] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.866379] ^ [ 37.866706] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.866954] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.867152] ================================================================== [ 37.833648] ================================================================== [ 37.833868] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 37.834504] Write of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.834643] [ 37.834750] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.834978] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.835050] Hardware name: linux,dummy-virt (DT) [ 37.835150] Call trace: [ 37.835556] show_stack+0x20/0x38 (C) [ 37.836142] dump_stack_lvl+0x8c/0xd0 [ 37.836447] print_report+0x118/0x608 [ 37.836827] kasan_report+0xdc/0x128 [ 37.836986] kasan_check_range+0x100/0x1a8 [ 37.837401] __kasan_check_write+0x20/0x30 [ 37.837551] copy_user_test_oob+0x234/0xec8 [ 37.838077] kunit_try_run_case+0x170/0x3f0 [ 37.838288] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.838819] kthread+0x328/0x630 [ 37.839329] ret_from_fork+0x10/0x20 [ 37.839814] [ 37.840127] Allocated by task 296: [ 37.840220] kasan_save_stack+0x3c/0x68 [ 37.840331] kasan_save_track+0x20/0x40 [ 37.840665] kasan_save_alloc_info+0x40/0x58 [ 37.841242] __kasan_kmalloc+0xd4/0xd8 [ 37.841500] __kmalloc_noprof+0x198/0x4c8 [ 37.841636] kunit_kmalloc_array+0x34/0x88 [ 37.841736] copy_user_test_oob+0xac/0xec8 [ 37.841839] kunit_try_run_case+0x170/0x3f0 [ 37.841973] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.842111] kthread+0x328/0x630 [ 37.842202] ret_from_fork+0x10/0x20 [ 37.842325] [ 37.842396] The buggy address belongs to the object at fff00000c77e6a00 [ 37.842396] which belongs to the cache kmalloc-128 of size 128 [ 37.842551] The buggy address is located 0 bytes inside of [ 37.842551] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.842703] [ 37.842761] The buggy address belongs to the physical page: [ 37.842846] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.843176] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.843642] page_type: f5(slab) [ 37.844009] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.844289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.844434] page dumped because: kasan: bad access detected [ 37.844538] [ 37.844602] Memory state around the buggy address: [ 37.844691] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.844853] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.845146] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.845437] ^ [ 37.845563] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.845816] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.845935] ================================================================== [ 37.887958] ================================================================== [ 37.888070] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 37.888193] Read of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.888319] [ 37.888384] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.888748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.888829] Hardware name: linux,dummy-virt (DT) [ 37.888934] Call trace: [ 37.889093] show_stack+0x20/0x38 (C) [ 37.889434] dump_stack_lvl+0x8c/0xd0 [ 37.889701] print_report+0x118/0x608 [ 37.889821] kasan_report+0xdc/0x128 [ 37.889963] kasan_check_range+0x100/0x1a8 [ 37.890139] __kasan_check_read+0x20/0x30 [ 37.890315] copy_user_test_oob+0x3c8/0xec8 [ 37.890468] kunit_try_run_case+0x170/0x3f0 [ 37.890653] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.890838] kthread+0x328/0x630 [ 37.891105] ret_from_fork+0x10/0x20 [ 37.891294] [ 37.891325] Allocated by task 296: [ 37.891397] kasan_save_stack+0x3c/0x68 [ 37.891477] kasan_save_track+0x20/0x40 [ 37.891529] kasan_save_alloc_info+0x40/0x58 [ 37.891586] __kasan_kmalloc+0xd4/0xd8 [ 37.891673] __kmalloc_noprof+0x198/0x4c8 [ 37.891727] kunit_kmalloc_array+0x34/0x88 [ 37.891775] copy_user_test_oob+0xac/0xec8 [ 37.891822] kunit_try_run_case+0x170/0x3f0 [ 37.891871] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.892079] kthread+0x328/0x630 [ 37.892713] ret_from_fork+0x10/0x20 [ 37.893169] [ 37.893347] The buggy address belongs to the object at fff00000c77e6a00 [ 37.893347] which belongs to the cache kmalloc-128 of size 128 [ 37.893730] The buggy address is located 0 bytes inside of [ 37.893730] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.893910] [ 37.893964] The buggy address belongs to the physical page: [ 37.894797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.895779] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.895930] page_type: f5(slab) [ 37.896033] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.896159] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.896371] page dumped because: kasan: bad access detected [ 37.896468] [ 37.896534] Memory state around the buggy address: [ 37.896661] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.896833] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.896976] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.897329] ^ [ 37.897654] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.897823] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.897945] ================================================================== [ 37.908495] ================================================================== [ 37.908647] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 37.908812] Read of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.909045] [ 37.909154] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.909536] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.909637] Hardware name: linux,dummy-virt (DT) [ 37.909784] Call trace: [ 37.909918] show_stack+0x20/0x38 (C) [ 37.910044] dump_stack_lvl+0x8c/0xd0 [ 37.910183] print_report+0x118/0x608 [ 37.910410] kasan_report+0xdc/0x128 [ 37.910627] kasan_check_range+0x100/0x1a8 [ 37.910958] __kasan_check_read+0x20/0x30 [ 37.911153] copy_user_test_oob+0x4a0/0xec8 [ 37.911313] kunit_try_run_case+0x170/0x3f0 [ 37.911445] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.911568] kthread+0x328/0x630 [ 37.911684] ret_from_fork+0x10/0x20 [ 37.911808] [ 37.911862] Allocated by task 296: [ 37.911962] kasan_save_stack+0x3c/0x68 [ 37.912058] kasan_save_track+0x20/0x40 [ 37.912279] kasan_save_alloc_info+0x40/0x58 [ 37.912480] __kasan_kmalloc+0xd4/0xd8 [ 37.912588] __kmalloc_noprof+0x198/0x4c8 [ 37.912755] kunit_kmalloc_array+0x34/0x88 [ 37.912910] copy_user_test_oob+0xac/0xec8 [ 37.913033] kunit_try_run_case+0x170/0x3f0 [ 37.913223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.913384] kthread+0x328/0x630 [ 37.913504] ret_from_fork+0x10/0x20 [ 37.913605] [ 37.913682] The buggy address belongs to the object at fff00000c77e6a00 [ 37.913682] which belongs to the cache kmalloc-128 of size 128 [ 37.913906] The buggy address is located 0 bytes inside of [ 37.913906] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.914076] [ 37.914221] The buggy address belongs to the physical page: [ 37.914313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.914478] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.914603] page_type: f5(slab) [ 37.914723] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.914855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.915043] page dumped because: kasan: bad access detected [ 37.915161] [ 37.915222] Memory state around the buggy address: [ 37.915354] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.915519] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.915769] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.915900] ^ [ 37.916085] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.916366] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.916481] ================================================================== [ 37.877188] ================================================================== [ 37.877477] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 37.879294] Write of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.879604] [ 37.879939] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.880199] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.880330] Hardware name: linux,dummy-virt (DT) [ 37.880382] Call trace: [ 37.880416] show_stack+0x20/0x38 (C) [ 37.880507] dump_stack_lvl+0x8c/0xd0 [ 37.880595] print_report+0x118/0x608 [ 37.880659] kasan_report+0xdc/0x128 [ 37.880715] kasan_check_range+0x100/0x1a8 [ 37.880777] __kasan_check_write+0x20/0x30 [ 37.880836] copy_user_test_oob+0x35c/0xec8 [ 37.881033] kunit_try_run_case+0x170/0x3f0 [ 37.881193] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.881333] kthread+0x328/0x630 [ 37.881445] ret_from_fork+0x10/0x20 [ 37.881579] [ 37.881753] Allocated by task 296: [ 37.881836] kasan_save_stack+0x3c/0x68 [ 37.882014] kasan_save_track+0x20/0x40 [ 37.882265] kasan_save_alloc_info+0x40/0x58 [ 37.882495] __kasan_kmalloc+0xd4/0xd8 [ 37.882633] __kmalloc_noprof+0x198/0x4c8 [ 37.882728] kunit_kmalloc_array+0x34/0x88 [ 37.882831] copy_user_test_oob+0xac/0xec8 [ 37.882959] kunit_try_run_case+0x170/0x3f0 [ 37.883076] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.883263] kthread+0x328/0x630 [ 37.883388] ret_from_fork+0x10/0x20 [ 37.883529] [ 37.883595] The buggy address belongs to the object at fff00000c77e6a00 [ 37.883595] which belongs to the cache kmalloc-128 of size 128 [ 37.883753] The buggy address is located 0 bytes inside of [ 37.883753] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.883944] [ 37.884007] The buggy address belongs to the physical page: [ 37.884146] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.884291] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.884431] page_type: f5(slab) [ 37.884554] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.884698] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.884863] page dumped because: kasan: bad access detected [ 37.885003] [ 37.885061] Memory state around the buggy address: [ 37.885144] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.885250] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.885360] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.885458] ^ [ 37.885579] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.885704] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.885974] ================================================================== [ 37.899647] ================================================================== [ 37.899950] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 37.900067] Write of size 121 at addr fff00000c77e6a00 by task kunit_try_catch/296 [ 37.900399] [ 37.900592] CPU: 0 UID: 0 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT [ 37.901120] Tainted: [B]=BAD_PAGE, [N]=TEST [ 37.901194] Hardware name: linux,dummy-virt (DT) [ 37.901267] Call trace: [ 37.901325] show_stack+0x20/0x38 (C) [ 37.901440] dump_stack_lvl+0x8c/0xd0 [ 37.901559] print_report+0x118/0x608 [ 37.901676] kasan_report+0xdc/0x128 [ 37.901792] kasan_check_range+0x100/0x1a8 [ 37.901932] __kasan_check_write+0x20/0x30 [ 37.902072] copy_user_test_oob+0x434/0xec8 [ 37.902217] kunit_try_run_case+0x170/0x3f0 [ 37.902373] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.902529] kthread+0x328/0x630 [ 37.902674] ret_from_fork+0x10/0x20 [ 37.902847] [ 37.902925] Allocated by task 296: [ 37.903033] kasan_save_stack+0x3c/0x68 [ 37.903176] kasan_save_track+0x20/0x40 [ 37.903308] kasan_save_alloc_info+0x40/0x58 [ 37.903513] __kasan_kmalloc+0xd4/0xd8 [ 37.903629] __kmalloc_noprof+0x198/0x4c8 [ 37.903750] kunit_kmalloc_array+0x34/0x88 [ 37.904049] copy_user_test_oob+0xac/0xec8 [ 37.904214] kunit_try_run_case+0x170/0x3f0 [ 37.904330] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 37.904461] kthread+0x328/0x630 [ 37.904593] ret_from_fork+0x10/0x20 [ 37.904737] [ 37.904800] The buggy address belongs to the object at fff00000c77e6a00 [ 37.904800] which belongs to the cache kmalloc-128 of size 128 [ 37.904960] The buggy address is located 0 bytes inside of [ 37.904960] allocated 120-byte region [fff00000c77e6a00, fff00000c77e6a78) [ 37.905113] [ 37.905170] The buggy address belongs to the physical page: [ 37.905279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e6 [ 37.905436] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 37.905555] page_type: f5(slab) [ 37.905648] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 37.905838] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 37.905966] page dumped because: kasan: bad access detected [ 37.906067] [ 37.906151] Memory state around the buggy address: [ 37.906273] fff00000c77e6900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 37.906483] fff00000c77e6980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.906743] >fff00000c77e6a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 37.906855] ^ [ 37.906979] fff00000c77e6a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.907089] fff00000c77e6b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 37.907211] ==================================================================
[ 35.130701] ================================================================== [ 35.131214] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 35.131985] Read of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.132606] [ 35.132948] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.133058] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.133088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.133132] Call Trace: [ 35.133173] <TASK> [ 35.133209] dump_stack_lvl+0x73/0xb0 [ 35.133275] print_report+0xd1/0x650 [ 35.133321] ? __virt_addr_valid+0x1db/0x2d0 [ 35.133372] ? copy_user_test_oob+0x4aa/0x10f0 [ 35.133419] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.133471] ? copy_user_test_oob+0x4aa/0x10f0 [ 35.133521] kasan_report+0x141/0x180 [ 35.133590] ? copy_user_test_oob+0x4aa/0x10f0 [ 35.133692] kasan_check_range+0x10c/0x1c0 [ 35.133761] __kasan_check_read+0x15/0x20 [ 35.133892] copy_user_test_oob+0x4aa/0x10f0 [ 35.133969] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.134032] ? finish_task_switch.isra.0+0x153/0x700 [ 35.134098] ? __switch_to+0x47/0xf50 [ 35.134170] ? __schedule+0x10cc/0x2b60 [ 35.134241] ? __pfx_read_tsc+0x10/0x10 [ 35.134352] ? ktime_get_ts64+0x86/0x230 [ 35.134424] kunit_try_run_case+0x1a5/0x480 [ 35.134533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.134657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.134730] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.134797] ? __kthread_parkme+0x82/0x180 [ 35.134895] ? preempt_count_sub+0x50/0x80 [ 35.134981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.135052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.135122] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.135231] kthread+0x337/0x6f0 [ 35.135311] ? trace_preempt_on+0x20/0xc0 [ 35.135375] ? __pfx_kthread+0x10/0x10 [ 35.135421] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.135455] ? calculate_sigpending+0x7b/0xa0 [ 35.135490] ? __pfx_kthread+0x10/0x10 [ 35.135519] ret_from_fork+0x116/0x1d0 [ 35.135571] ? __pfx_kthread+0x10/0x10 [ 35.135602] ret_from_fork_asm+0x1a/0x30 [ 35.135669] </TASK> [ 35.135686] [ 35.149331] Allocated by task 315: [ 35.149810] kasan_save_stack+0x45/0x70 [ 35.150219] kasan_save_track+0x18/0x40 [ 35.150688] kasan_save_alloc_info+0x3b/0x50 [ 35.151050] __kasan_kmalloc+0xb7/0xc0 [ 35.151476] __kmalloc_noprof+0x1c9/0x500 [ 35.151996] kunit_kmalloc_array+0x25/0x60 [ 35.152322] copy_user_test_oob+0xab/0x10f0 [ 35.152786] kunit_try_run_case+0x1a5/0x480 [ 35.153229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.153843] kthread+0x337/0x6f0 [ 35.154211] ret_from_fork+0x116/0x1d0 [ 35.154721] ret_from_fork_asm+0x1a/0x30 [ 35.155235] [ 35.155454] The buggy address belongs to the object at ffff888102df6500 [ 35.155454] which belongs to the cache kmalloc-128 of size 128 [ 35.156747] The buggy address is located 0 bytes inside of [ 35.156747] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.158160] [ 35.158382] The buggy address belongs to the physical page: [ 35.158963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.159646] flags: 0x200000000000000(node=0|zone=2) [ 35.160128] page_type: f5(slab) [ 35.160466] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.161108] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.161741] page dumped because: kasan: bad access detected [ 35.162281] [ 35.162520] Memory state around the buggy address: [ 35.163795] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.164365] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.164751] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.164942] ^ [ 35.165126] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.165306] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.165483] ================================================================== [ 35.166914] ================================================================== [ 35.167664] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 35.168444] Write of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.169693] [ 35.170006] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.170127] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.170164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.170217] Call Trace: [ 35.170257] <TASK> [ 35.170297] dump_stack_lvl+0x73/0xb0 [ 35.170372] print_report+0xd1/0x650 [ 35.170431] ? __virt_addr_valid+0x1db/0x2d0 [ 35.170498] ? copy_user_test_oob+0x557/0x10f0 [ 35.170558] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.170597] ? copy_user_test_oob+0x557/0x10f0 [ 35.170649] kasan_report+0x141/0x180 [ 35.170696] ? copy_user_test_oob+0x557/0x10f0 [ 35.170734] kasan_check_range+0x10c/0x1c0 [ 35.170768] __kasan_check_write+0x18/0x20 [ 35.170800] copy_user_test_oob+0x557/0x10f0 [ 35.170835] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.170865] ? finish_task_switch.isra.0+0x153/0x700 [ 35.170897] ? __switch_to+0x47/0xf50 [ 35.170931] ? __schedule+0x10cc/0x2b60 [ 35.170965] ? __pfx_read_tsc+0x10/0x10 [ 35.170996] ? ktime_get_ts64+0x86/0x230 [ 35.171031] kunit_try_run_case+0x1a5/0x480 [ 35.171067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.171098] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.171132] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.171165] ? __kthread_parkme+0x82/0x180 [ 35.171194] ? preempt_count_sub+0x50/0x80 [ 35.171225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.171257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.171290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.171323] kthread+0x337/0x6f0 [ 35.171350] ? trace_preempt_on+0x20/0xc0 [ 35.171381] ? __pfx_kthread+0x10/0x10 [ 35.171410] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.171440] ? calculate_sigpending+0x7b/0xa0 [ 35.171473] ? __pfx_kthread+0x10/0x10 [ 35.171503] ret_from_fork+0x116/0x1d0 [ 35.171529] ? __pfx_kthread+0x10/0x10 [ 35.171577] ret_from_fork_asm+0x1a/0x30 [ 35.171618] </TASK> [ 35.171652] [ 35.183146] Allocated by task 315: [ 35.183517] kasan_save_stack+0x45/0x70 [ 35.183969] kasan_save_track+0x18/0x40 [ 35.184233] kasan_save_alloc_info+0x3b/0x50 [ 35.184671] __kasan_kmalloc+0xb7/0xc0 [ 35.184916] __kmalloc_noprof+0x1c9/0x500 [ 35.185210] kunit_kmalloc_array+0x25/0x60 [ 35.185654] copy_user_test_oob+0xab/0x10f0 [ 35.186075] kunit_try_run_case+0x1a5/0x480 [ 35.186464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.186894] kthread+0x337/0x6f0 [ 35.187130] ret_from_fork+0x116/0x1d0 [ 35.187519] ret_from_fork_asm+0x1a/0x30 [ 35.187936] [ 35.188076] The buggy address belongs to the object at ffff888102df6500 [ 35.188076] which belongs to the cache kmalloc-128 of size 128 [ 35.188998] The buggy address is located 0 bytes inside of [ 35.188998] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.189743] [ 35.189942] The buggy address belongs to the physical page: [ 35.190350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.190924] flags: 0x200000000000000(node=0|zone=2) [ 35.191399] page_type: f5(slab) [ 35.191752] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.192279] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.192755] page dumped because: kasan: bad access detected [ 35.193041] [ 35.193167] Memory state around the buggy address: [ 35.193419] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.194013] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.194690] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.195329] ^ [ 35.195995] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.196608] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.197072] ================================================================== [ 35.198245] ================================================================== [ 35.199192] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 35.200105] Read of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.200869] [ 35.201063] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.201156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.201183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.201239] Call Trace: [ 35.201280] <TASK> [ 35.201315] dump_stack_lvl+0x73/0xb0 [ 35.201380] print_report+0xd1/0x650 [ 35.201428] ? __virt_addr_valid+0x1db/0x2d0 [ 35.201480] ? copy_user_test_oob+0x604/0x10f0 [ 35.201526] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.201600] ? copy_user_test_oob+0x604/0x10f0 [ 35.201650] kasan_report+0x141/0x180 [ 35.201701] ? copy_user_test_oob+0x604/0x10f0 [ 35.201776] kasan_check_range+0x10c/0x1c0 [ 35.201847] __kasan_check_read+0x15/0x20 [ 35.201918] copy_user_test_oob+0x604/0x10f0 [ 35.201990] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.202055] ? finish_task_switch.isra.0+0x153/0x700 [ 35.202121] ? __switch_to+0x47/0xf50 [ 35.202194] ? __schedule+0x10cc/0x2b60 [ 35.202266] ? __pfx_read_tsc+0x10/0x10 [ 35.202331] ? ktime_get_ts64+0x86/0x230 [ 35.202401] kunit_try_run_case+0x1a5/0x480 [ 35.202472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.202584] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.202690] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.202763] ? __kthread_parkme+0x82/0x180 [ 35.202822] ? preempt_count_sub+0x50/0x80 [ 35.202890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.202958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.203021] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.203083] kthread+0x337/0x6f0 [ 35.203138] ? trace_preempt_on+0x20/0xc0 [ 35.203200] ? __pfx_kthread+0x10/0x10 [ 35.203251] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.203312] ? calculate_sigpending+0x7b/0xa0 [ 35.203371] ? __pfx_kthread+0x10/0x10 [ 35.203427] ret_from_fork+0x116/0x1d0 [ 35.203473] ? __pfx_kthread+0x10/0x10 [ 35.203526] ret_from_fork_asm+0x1a/0x30 [ 35.203655] </TASK> [ 35.203689] [ 35.216024] Allocated by task 315: [ 35.216423] kasan_save_stack+0x45/0x70 [ 35.216893] kasan_save_track+0x18/0x40 [ 35.217299] kasan_save_alloc_info+0x3b/0x50 [ 35.217786] __kasan_kmalloc+0xb7/0xc0 [ 35.218130] __kmalloc_noprof+0x1c9/0x500 [ 35.218391] kunit_kmalloc_array+0x25/0x60 [ 35.218855] copy_user_test_oob+0xab/0x10f0 [ 35.219278] kunit_try_run_case+0x1a5/0x480 [ 35.219696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.220196] kthread+0x337/0x6f0 [ 35.220524] ret_from_fork+0x116/0x1d0 [ 35.220828] ret_from_fork_asm+0x1a/0x30 [ 35.221227] [ 35.221438] The buggy address belongs to the object at ffff888102df6500 [ 35.221438] which belongs to the cache kmalloc-128 of size 128 [ 35.222275] The buggy address is located 0 bytes inside of [ 35.222275] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.222881] [ 35.223027] The buggy address belongs to the physical page: [ 35.223302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.223872] flags: 0x200000000000000(node=0|zone=2) [ 35.224316] page_type: f5(slab) [ 35.224721] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.225399] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.226110] page dumped because: kasan: bad access detected [ 35.226605] [ 35.226828] Memory state around the buggy address: [ 35.227282] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.227766] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.228389] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.228917] ^ [ 35.229383] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.229844] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.230192] ================================================================== [ 35.092810] ================================================================== [ 35.093254] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 35.094040] Write of size 121 at addr ffff888102df6500 by task kunit_try_catch/315 [ 35.094743] [ 35.095180] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc3-next-20250624 #1 PREEMPT(voluntary) [ 35.095304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 35.095340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 35.095388] Call Trace: [ 35.095420] <TASK> [ 35.095458] dump_stack_lvl+0x73/0xb0 [ 35.095530] print_report+0xd1/0x650 [ 35.095610] ? __virt_addr_valid+0x1db/0x2d0 [ 35.095672] ? copy_user_test_oob+0x3fd/0x10f0 [ 35.095737] ? kasan_complete_mode_report_info+0x2a/0x200 [ 35.095804] ? copy_user_test_oob+0x3fd/0x10f0 [ 35.095872] kasan_report+0x141/0x180 [ 35.095933] ? copy_user_test_oob+0x3fd/0x10f0 [ 35.096013] kasan_check_range+0x10c/0x1c0 [ 35.096081] __kasan_check_write+0x18/0x20 [ 35.096202] copy_user_test_oob+0x3fd/0x10f0 [ 35.096296] ? __pfx_copy_user_test_oob+0x10/0x10 [ 35.096364] ? finish_task_switch.isra.0+0x153/0x700 [ 35.096412] ? __switch_to+0x47/0xf50 [ 35.096451] ? __schedule+0x10cc/0x2b60 [ 35.096489] ? __pfx_read_tsc+0x10/0x10 [ 35.096521] ? ktime_get_ts64+0x86/0x230 [ 35.096578] kunit_try_run_case+0x1a5/0x480 [ 35.096616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.096674] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 35.096709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 35.096743] ? __kthread_parkme+0x82/0x180 [ 35.096773] ? preempt_count_sub+0x50/0x80 [ 35.096804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 35.096836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.096869] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 35.096902] kthread+0x337/0x6f0 [ 35.096930] ? trace_preempt_on+0x20/0xc0 [ 35.096963] ? __pfx_kthread+0x10/0x10 [ 35.096992] ? _raw_spin_unlock_irq+0x47/0x80 [ 35.097023] ? calculate_sigpending+0x7b/0xa0 [ 35.097055] ? __pfx_kthread+0x10/0x10 [ 35.097085] ret_from_fork+0x116/0x1d0 [ 35.097111] ? __pfx_kthread+0x10/0x10 [ 35.097140] ret_from_fork_asm+0x1a/0x30 [ 35.097181] </TASK> [ 35.097197] [ 35.112958] Allocated by task 315: [ 35.113330] kasan_save_stack+0x45/0x70 [ 35.113886] kasan_save_track+0x18/0x40 [ 35.114214] kasan_save_alloc_info+0x3b/0x50 [ 35.114826] __kasan_kmalloc+0xb7/0xc0 [ 35.115218] __kmalloc_noprof+0x1c9/0x500 [ 35.115680] kunit_kmalloc_array+0x25/0x60 [ 35.116097] copy_user_test_oob+0xab/0x10f0 [ 35.116532] kunit_try_run_case+0x1a5/0x480 [ 35.116954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 35.117328] kthread+0x337/0x6f0 [ 35.117582] ret_from_fork+0x116/0x1d0 [ 35.117824] ret_from_fork_asm+0x1a/0x30 [ 35.118216] [ 35.118474] The buggy address belongs to the object at ffff888102df6500 [ 35.118474] which belongs to the cache kmalloc-128 of size 128 [ 35.119705] The buggy address is located 0 bytes inside of [ 35.119705] allocated 120-byte region [ffff888102df6500, ffff888102df6578) [ 35.120805] [ 35.120958] The buggy address belongs to the physical page: [ 35.121236] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102df6 [ 35.122082] flags: 0x200000000000000(node=0|zone=2) [ 35.122610] page_type: f5(slab) [ 35.122963] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 35.123517] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 35.124152] page dumped because: kasan: bad access detected [ 35.124597] [ 35.124867] Memory state around the buggy address: [ 35.125370] ffff888102df6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 35.125991] ffff888102df6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.126604] >ffff888102df6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 35.127276] ^ [ 35.127937] ffff888102df6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.128526] ffff888102df6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 35.129055] ==================================================================